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REMARKS 

This amendment is submitted in response to tlie Office action dated December 12, 2007. 
Reconsideration and allowance of tlie claims is requested. In this Office Action, the Restriction 
Requirement previously applied to claims 1-4, 7-11, 13-16 and 18-28 is withdrawn. 

The claims are rejected under 35 U.S.C. 112 as being indefinite. Therefore, the claims 
have been reviewed and revised as necessary to eliminate this issue. 

All the claims in the application are rejected under 35 U.S.C. 103 as unpatentable over 
Dolan (U.S. 5,604,801) in view of Rothstein "IVIaking the Internet Come to You, Through 'Push' 
Technology" dated January 20, 1997. These rejections are respectfully traversed. 

Applicant has amended all independent claims to emphasize the fact that the transaction 
approval occurs entirely at the READ, without transmission of the private key to the server 
requesting the approval, a feature which is not taught or suggested in Dolan. Dolan, throughout 
his application and especially at figures 4A, 4B and columns 6 and 7, relied on by the Examiner, 
teaches that the private key is stored at both the server 350 and arguably at the smart card 120. 
It is essential to Dolan's approach that the private key be transmitted from the smart card to the 
server for comparing the private key stored at the server (see step 482 and associated text). It 
is exactly this feature that does not occur or exist in the claimed invention as it creates a major 
security risk. 

In the present invention, the user's private key is stored only at the READ, which is 
available only to the user. The private key is stored there so that it is not accessible at any point 
in the transaction approval process. Specifically, the private key is not transmitted to either the 
READ or away from the READ to any external server. In this regard, the Examiner is directed to 
page 11, lines 18-21, and page 13, lines 21-29 of Dolan, although the reference is replete with 
other references to the same feature. 

As clearly set forth in both independent method claims 1 and 2, the user's private key, 
which is stored onjy at the user's READ, is used to create a transaction approval message. The 
approval message is encrypted using the user's private key and then sent to the server, without 
transmission of the user's private key, which is retained only at the READ. All these features 
are clearly set forth in the independent claims. By contrast, Dolan, at column 6, line 57 through 
column 7, line 1 1 , includes the following statements: 

"The secret keys SK associated with a number of users A, B, C, D... are stored 

securelv in storage device 350 in encrypted form." 
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"When user A wishes to send a message MSG and an associated digital 
signature, smart card 120 generates a has value H of message MSG in step 480 and 
encrypts in step 481 user-specific key KEYa. This encrypted value of the key is sent 
along with the message and the information identifvinq the user across the network to 
server 1 30 in step 482." 

"The process carried out by server 130 is illustrated in FIG. 4b. Server 
130... decrypts the user-specific key KEYa in step 492. This KEY a is used in the secure 
environment to decrvpt and temporarily store the decn/pted value of the secret key of the 
user SKa in step 493. This decrypted secret key is then used, within the secure 
environment 360, to generate the digital signature for the message in step 494." 
Clearly Dolan relies on transmission of the user's private key from the READ to the 
server as a part of the transaction approval process. An essential step of the disclosed 
approach is comparing the private key transmitted from the smart card to the server, which 
stores a list of all useable private keys. The other references cited by the Examiner have been 
reviewed and do not make up for Dolan's lack of teaching of the claimed invention. 



In view of these clear distinctions, reconsideration and allowance of these claims Is 



requested. 



Respectfully submitted. 
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